Vendor Risk Brief MCP
Pricing
from $0.01 / 1,000 results
Vendor Risk Brief MCP
Create evidence-led vendor due-diligence briefs from public website, DNS, email-security, TLS, and HTTP security-header signals. Observations are qualified and not definitive risk ratings.
An Apify-hosted MCP server for business, procurement, and security agents that need a compact, evidence-led view of public vendor website and domain signals.
It reports what was publicly observed at request time and deliberately does not declare a vendor safe, unsafe, compliant, or assign a definitive risk rating.
Tools
create-vendor-brief— requiresdomain. Returns normalized domain, website title and meta description, public contact/social links, HTTP status and redirect observations, selected security headers, and MX/NS/TXT DNS facts with indicators and caveats.inspect-email-security— requiresdomain. Returns observed MX, SPF TXT, and DMARC TXT records with presence/missing/invalid-looking indicators. These are DNS observations, not a deliverability guarantee.inspect-web-security— requiresurlordomain. Returns final URL, HTTPS use, status, observable redirect chain, HSTS/CSP/X-Frame-Options/X-Content-Type-Options/referrer-policy headers, TLS details when available, and bounded observations.compare-vendors— requiresdomainscontaining 2–5 domains. Returns compact objective public facts and indicators for each.
Collection approach and limits
- Website requests use a
VendorRiskBriefMCP/1.0User-Agent, an 8-second timeout, and at most five redirects. - Static HTML is parsed with Cheerio. The tool only returns public
mailto:,tel:, page-visible email addresses, and common social-profile links. - DNS is first queried through Node
dns/promises; MX, NS, and TXT lookups use Google DNS-over-HTTPS only if the local resolver fails. - Security headers are from a single public HTTP response. DNS, web, and TLS results can change and may be incomplete due to network controls, CDNs, or unavailable services.
Run locally
npm installnpm run buildnpm testnpm run schemanpm run start:dev
The streamable HTTP MCP endpoint is http://localhost:3000/mcp (or the APIFY_CONTAINER_PORT port). A GET / supports Apify standby readiness probes.
Deploy
apify loginapify push
Connect an MCP client to https://<actor-host>/mcp and authenticate with an Apify Bearer token when deployed.
Billing
Every MCP tool execution calls await Actor.charge({ eventName: 'tool-call' }). Configure the matching tool-call event from .actor/pay_per_event.json in the Actor monetization settings.